|
Namespace Isolation
cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, etc.) of a collection of processes. Engineers at Google started the work on this feature in 2006 under the name "process containers". In late 2007, the nomenclature changed to "control groups" to avoid confusion caused by multiple meanings of the term "container" in the Linux kernel context, and the control groups functionality was merged into the Linux kernel mainline in kernel version 2.6.24, which was released in January 2008. Since then, developers have added many new features and controllers, such as support for kernfs in 2014, firewalling, and unified hierarchy. cgroup v2 was merged in Linux kernel 4.5 with significant changes to the interface and internal functionality. Versions There are two versions of cgroups. Cgroups was originally written by Paul Menage and Rohit Seth, and merged into the mainline Linux kern ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
C (programming Language)
C (''pronounced'' '' – like the letter c'') is a general-purpose programming language. It was created in the 1970s by Dennis Ritchie and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of the targeted Central processing unit, CPUs. It has found lasting use in operating systems code (especially in Kernel (operating system), kernels), device drivers, and protocol stacks, but its use in application software has been decreasing. C is commonly used on computer architectures that range from the largest supercomputers to the smallest microcontrollers and embedded systems. A successor to the programming language B (programming language), B, C was originally developed at Bell Labs by Ritchie between 1972 and 1973 to construct utilities running on Unix. It was applied to re-implementing the kernel of the Unix operating system. During the 1980s, C gradually gained popularity. It has become one of the most widely used programming langu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Operating System-level Virtualization
OS-level virtualization is an operating system (OS) virtualization paradigm in which the Kernel (operating system), kernel allows the existence of multiple isolated user space and kernel space, user space instances, including containers (LXC, Solaris Containers, AIX Workload_Partitions, WPARs, HP-UX SRP Containers, Docker (software), Docker, Podman), zones (Solaris Containers), virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernels (vkernel, DragonFly BSD), and jails (FreeBSD jail and chroot). Such instances may look like real computers from the point of view of programs running in them. A computer program running on an ordinary operating system can see all resources (connected devices, files and folders, Shared resource, network shares, CPU power, quantifiable hardware capabilities) of that computer. Programs running inside a Containerization (computing), container can only see the container's contents and devices assigned to the container. On U ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Lmctfy
lmctfy ("Let Me Contain That For You", pronounced "l-m-c-t-fi") is an implementation of an operating system–level virtualization, which is based on the Linux kernel's cgroups functionality. It provides similar functionality to other container-related Linux tools such as Docker and LXC. Lmctfy is the release of Google's container tools and is free and open-source software subject to the terms of the Apache License The Apache License is a permissive free software license written by the Apache Software Foundation (ASF). It allows users to use the software for any purpose, to distribute it, to modify it, and to distribute modified versions of the software ... version 2.0. The maintainers in May 2015 stated their effort to merge their concepts and abstractions into Docker's underlying library libcontainer and thus stopped active development of lmctfy. References External links Presentation slides from initial release announcementProject websiteProject "README" file pro ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Grid Engine
Oracle Grid Engine, previously known as Sun Grid Engine (SGE), CODINE (Computing in Distributed Networked Environments) or GRD (Global Resource Director), was a grid computing computer cluster software system (otherwise known as a batch-queuing system), acquired as part of a purchase of Gridware, then improved and supported by Sun Microsystems and later Oracle. There have been open source versions and multiple commercial versions of this technology, initially from Sun, later from Oracle, then from Univa Corporation, and later from HPC Gridware as Gridware Cluster Scheduler. The open source version is still under active development under the SISSL license as Open Cluster Scheduler. On October 22, 2013 Univa announced it acquired the intellectual property and trademarks for the Grid Engine technology and that Univa will take over support. Univa has since evolved the Grid Engine technology, e.g. improving scalability as demonstrated by a 1 million core cluster in Amazon Web Servi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Systemd
systemd is a software suite that provides an array of system components for Linux operating systems. The main aim is to unify service configuration and behavior across Linux distributions. Its primary component is a "system and service manager" — an init system used to Bootstrapping, bootstrap user space and manage process (computing), user processes. It also provides replacements for various Daemon (computing), daemons and utilities, including device management, login management, network connection management, and event logging. The name ''systemd'' adheres to the Unix convention of naming daemons by appending the letter ''d''. It also plays on the term "System D", which refers to a person's ability to adapt quickly and improvise to solve problems. Since 2015, the majority of Linux distributions have adopted systemd, having replaced other init systems such as SysV init. It has been praised by developers and users of distributions that adopted it for providing a stable, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Libvirt
libvirt is an open-source API, daemon and management tool for managing platform virtualization. It can be used to manage KVM, Xen, VMware ESXi, QEMU and other virtualization technologies. These APIs are widely used in the orchestration layer of hypervisors in the development of a cloud-based solution. Internals libvirt is a C library with bindings in other languages, notably in Python, Perl, OCaml, Ruby, Java, JavaScript (via Node.js) and PHP. libvirt for these programming languages is composed of wrappers around another class/package called libvirtmod. libvirtmod's implementation is closely associated with its counterpart in C/C++ in syntax and functionality. Supported Hypervisors * LXC – lightweight Linux container system * OpenVZ – lightweight Linux container system * Kernel-based Virtual Machine/QEMU (KVM) – open-source hypervisor for Linux and SmartOS * Xen – bare-metal hypervisor * User-mode Linux (UML) – paravirtualized kernel * VirtualBox – hypervis ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Firejail
Firejail is a security sandbox tool designed to enhance the security of applications by isolating them in a sandbox environment. It is a free and open-source software available for Linux-based operating systems. Firejail was created by Antti Kantee and is maintained by a community of developers. Features * Sandboxing: Firejail allows users to run applications in isolated environments, preventing them from accessing sensitive files and system resources. * SELinux Integration: It integrates with SELinux (Security-Enhanced Linux) to provide robust security policies. * Resource Limitation: Firejail can limit the resources (CPU, memory Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remembe ..., etc.) that a sandboxed application can use. * Network Isolation: It can restrict network access f ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Docker (software)
Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called ''containers''. The service has both free and premium tiers. The software that hosts the containers is called Docker Engine. It was first released in 2013 and is developed by Docker, Inc. Docker is a tool that is used to automate the deployment of applications in lightweight containers so that applications can work efficiently in different environments in isolation. Background Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels. Because all of the containers share the services of a single operating system kernel, they use fewer resources than virtual machines. Operation Docker can package an application and its dependencies in a virtual container that can run on any Linux, Windows, or macOS computer. This enables the appli ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Linux Kernel And Daemons With Exclusive Access
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution (distro), which includes the kernel and supporting system software and libraries—most of which are provided by third parties—to create a complete operating system, designed as a clone of Unix and released under the copyleft GPL license. Thousands of Linux distributions exist, many based directly or indirectly on other distributions; popular Linux distributions include Debian, Fedora Linux, Linux Mint, Arch Linux, and Ubuntu, while commercial distributions include Red Hat Enterprise Linux, SUSE Linux Enterprise, and ChromeOS. Linux distributions are frequently used in server platforms. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses and recommends the name "GNU/Linux" to emphasize the use and import ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Application Checkpointing
Checkpointing is a technique that provides fault tolerance for computing systems. It involves saving a Snapshot (computer storage), snapshot of an application software, application's state, so that it can restart from that point in case of failure. This is particularly important for long-running applications that are executed in failure-prone computing systems. Checkpointing in distributed systems In the distributed computing environment, checkpointing is a technique that helps tolerate failures that would otherwise force a long-running application to restart from the beginning. The most basic way to implement checkpointing is to stop the application, copy all the required data from the memory to reliable storage (e.g., parallel file system), then continue with execution. In the case of failure, when the application restarts, it does not need to start from scratch. Rather, it will read the latest state ("the checkpoint") from the stable storage and execute from that point. While ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
File Descriptor
In Unix and Unix-like computer operating systems, a file descriptor (FD, less frequently fildes) is a process-unique identifier (handle) for a file or other input/output resource, such as a pipe or network socket. File descriptors typically have non-negative integer values, with negative values being reserved to indicate "no value" or error conditions. File descriptors are a part of the POSIX API. Each Unix process (except perhaps daemons) should have three standard POSIX file descriptors, corresponding to the three standard streams: Overview In the traditional implementation of Unix, file descriptors index into a per-process maintained by the kernel, that in turn indexes into a system-wide table of files opened by all processes, called the . This table records the ''mode'' with which the file (or other resource) has been opened: for reading, writing, appending, and possibly other modes. It also indexes into a third table called the inode table that describes the ac ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Page Cache
In computing, a page cache, sometimes also called disk cache, is a transparent cache for the pages originating from a secondary storage device such as a hard disk drive (HDD) or a solid-state drive (SSD). The operating system keeps a page cache in otherwise unused portions of the main memory (RAM), resulting in quicker access to the contents of cached pages and overall performance improvements. A page cache is implemented in kernels with the paging memory management, and is mostly transparent to applications. Usually, all physical memory not directly allocated to applications is used by the operating system for the page cache. Since the memory would otherwise be idle and is easily reclaimed when applications request it, there is generally no associated performance penalty and the operating system might even report such memory as "free" or "available". When compared to main memory, hard disk drive read/writes are slow and random accesses require expensive disk seeks; as a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
